[SOLVED] Policy Kit does not allow to restart a service, despite an adequate rule

[vmihalko]

In GitLab by @xavier8854 on Jul 5, 2021, 17:55

As nagios user, I cannot execute systemctl. Tracking it down to pkexec, I get :

-sh-4.2$ pkexec systemctl reload nagios
==== AUTHENTICATING FOR org.freedesktop.policykit.exec ===
Authentication is needed to run `/bin/systemctl' as the super user

However, I have a very, very lenient polkit rule (it is a NOT a production system)

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.systemd1.manage-units") {
        var verb = action.lookup("verb");
        if (verb == "start" || verb == "stop" || verb == "restart" || verb == "reload") {
            return polkit.Result.YES;
        }
    }
});

I double check it is compiled when restarting polkit.service What is the problem ?

OS : RHEL7 Sytemd version 219 PolKit version : 0.112

Thanks,

Xavier

[vmihalko]

In GitLab by @xavier8854 on Jul 6, 2021, 13:45

It seems that the combo Sytemd 219 + PolKit 0.112 does not support the "verb" statement. Added some logging to the rule shows me this :

/etc/polkit-1/rules.d/01-nagios.rules:7: verb=undefined

I close this issue.

Xavier